Problem: AverMedia does not start my scheduled recording.
In the system event log it shows:
Informace 23.6.2009 16:39:35 Service Control Manager Není k dispozici 7035 SYSTEM HENRY
Informace 23.6.2009 16:39:35 Service Control Manager Není k dispozici 7036 Není k dispozici HENRY
Chyba 23.6.2009 16:39:35 Service Control Manager Není k dispozici 7026 Není k dispozici HENRY
Chyba 23.6.2009 16:39:35 Service Control Manager Není k dispozici 7000 Není k dispozici HENRY
Informace 23.6.2009 16:38:48 redbook Není k dispozici 10 Není k dispozici HENRY
Informace 23.6.2009 16:38:48 redbook Není k dispozici 10 Není k dispozici HENRY
Chyba 23.6.2009 16:38:40 sptd Není k dispozici 4 Není k dispozici HENRY
Informace 23.6.2009 16:39:02 eventlog Není k dispozici 6005 Není k dispozici HENRY
Informace 23.6.2009 16:39:02 eventlog Není k dispozici 6009 Není k dispozici HENRY
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:42, on 25.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ClocX\ClocX.exe
C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Jabbim\jabbim.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Aplikace\Kancelar\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Namedate] C:\Program Files\nezmeskej\nezmeskej.exe s s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\Aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Aplikace\Kancelar\Office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Služba Google Update (gupdate1c9a4e08fc98cb0) (gupdate1c9a4e08fc98cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Aplikace\Utils\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 14219 bytes
Please check my log:
In the beginning of everything there was the word, and in the word there were two bytes, and there was nothing more.
Re: Please check my log:
Uninstall:
pdfforge Toolbar
Close the other applications and browsers, disconnect from the internet and fix in HJT:
Code:
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the option Perform quick scan selected and click the Scan button
- when the scan has finished a message appears; click OK and then the Show results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
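As an added example (not part of this thread, of HijackThis or of the helper's instructions), a small Python triage helper that parses HJT log lines and picks out the same kinds of entries the reply above tells the poster to fix: orphaned entries showing "(no file)", entries whose file lives under the directory of the toolbar being uninstalled, and O16 (ActiveX download) entries. The sample lines are copied from the log in this thread; the SUSPECT_DIRS list and all function names are assumptions of this example.

```python
"""HijackThis (HJT) log triage: parse R/O entries and select candidates to fix.

Added example, not HijackThis code. Sample lines are copied from the log posted
in this thread; SUSPECT_DIRS is an assumption (the toolbar the helper said to
uninstall).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HJT line shape: "<section> - <description> - <CLSID> - <path or (no file)>"
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Directory of the product the helper told the poster to uninstall (assumption).
# Caveat: HJT also prints 8.3 short names (C:\PROGRA~1\...), which a plain
# prefix match like this will not catch; normalise those separately if needed.
SUSPECT_DIRS = [r"C:\Program Files\pdfforge Toolbar"]

# Sections in which browser hooks/add-ons live; O4 (Run keys) and O23
# (services) are left for manual review rather than auto-selected here.
SUSPECT_SECTIONS = ("R3", "O2", "O3", "O9", "O16")

# Constructed sample: a subset of the HJT log from this thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
""".strip().splitlines()


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    orphan: bool  # the entry points at a file that no longer exists


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; return None for lines that are not R/O entries."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    cl = CLSID.search(body)
    orphan = "(no file)" in body
    # The file path, when present, is the last " - "-separated field.
    last = body.rsplit(" - ", 1)[-1].strip()
    path = last if (not orphan and ":\\" in last) else None
    return Entry(m.group("section"), body, cl.group(0) if cl else None, path, orphan)


def select_fixes(lines: List[str], suspect_dirs: List[str]) -> List[Entry]:
    """Return entries that are orphans, live under a suspect directory, or are
    O16 ActiveX download entries, in the order they appear in the log."""
    fixes = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.section not in SUSPECT_SECTIONS:
            continue
        in_suspect = e.path is not None and any(
            e.path.lower().startswith(d.lower()) for d in suspect_dirs
        )
        if e.orphan or in_suspect or e.section == "O16":
            fixes.append(e)
    return fixes


def format_fix_list(fixes: List[Entry]) -> str:
    """Render the selection as HJT-style lines, ready to paste into a reply."""
    return "\n".join(f"{e.section} - {e.body}" for e in fixes)


if __name__ == "__main__":
    print(format_fix_list(select_fixes(SAMPLE_HJT, SUSPECT_DIRS)))
```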
Re: Please check my log:
So I finally got here, I was at work. I did the uninstall and also the fix in HJT, although I only found 2 items there (the first and the last). The malware scan found nothing.
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2338
Windows 5.1.2600 Service Pack 3
26.6.2009 18:44:32
mbam-log-2009-06-26 (18-44-32).txt
Typ skenu: Rychlý sken
Objektu skenováno: 88648
Uplynulý cas: 2 minute(s), 37 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Re: Please check my log:
Turn off the resident protection in Avast.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launching, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan has finished the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my log:
Here is the log:
ComboFix 09-06-26.02 - Administrator 26.06.2009 20:23.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1350 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-22 18:33 . 2008-08-12 19:30 90112 ------r- c:\windows\system32\CardID.dll
2009-06-22 18:33 . 2007-02-09 05:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-06-22 18:33 . 2005-04-29 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-06-22 18:33 . 2008-07-04 10:28 249856 ------r- c:\windows\system32\sptlib01.dll
2009-06-22 18:33 . 2008-07-03 05:37 245760 ------r- c:\windows\system32\sptlib03.dll
2009-06-22 18:33 . 2007-03-17 01:27 253952 ------r- c:\windows\system32\sptlib02.dll
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\AVerMedia
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-06-21 13:15 . 2009-06-21 13:15 -------- d-----w- c:\program files\MSECache
2009-06-21 13:15 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 13:13 . 2009-06-21 13:14 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- c:\program files\ClocX
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Shrink Pic
2009-06-12 08:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-12 08:20 . 2009-06-12 08:21 -------- d-----w- c:\program files\PDFCreator
2009-06-12 08:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-11 13:53 . 2009-06-11 14:10 -------- d-----w- c:\program files\MKVTOAVI
2009-06-11 11:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----r- c:\program files\Skype
2009-06-01 08:00 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2009-06-01 07:47 . 2009-06-01 07:47 -------- d-----w- c:\program files\JDownloader 0.5.917
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 13:10 . 2009-06-11 21:50 -------- d-----w- c:\windows\ie8updates
2009-05-28 13:09 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 13:08 . 2009-05-28 13:09 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:37 . 2009-01-03 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 14:43 . 2004-08-18 11:00 79526 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 14:43 . 2004-08-18 11:00 432734 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 14:43 . 2008-03-24 15:49 -------- d-----w- c:\program files\ancestry
2009-06-21 13:09 . 2009-02-04 19:25 -------- d-----w- c:\program files\Microsoft
2009-06-21 13:05 . 2008-03-23 13:42 -------- d-----w- c:\program files\MSBuild
2009-06-17 09:27 . 2009-01-03 10:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-03 10:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:13 . 2008-07-27 15:37 160521 ----a-w- c:\windows\hpoins21.dat
2009-06-13 08:54 . 2009-02-04 19:24 -------- d-----w- c:\program files\Windows Live
2009-06-06 11:10 . 2009-03-25 07:59 -------- d-----w- c:\program files\VITSOFT
2009-06-06 11:10 . 2008-11-22 20:45 -------- d-----w- c:\program files\downloader
2009-06-02 07:56 . 2008-08-15 08:00 -------- d-----w- c:\program files\IObit
2009-05-31 14:46 . 2008-03-24 10:25 -------- d-----w- c:\program files\Google
2009-05-20 18:40 . 2009-05-20 18:40 545280 ----a-w- c:\windows\flashax.exe
2009-05-20 18:40 . 2009-05-20 18:40 12288 ----a-w- c:\windows\impborl.dll
2009-05-13 19:41 . 2009-05-13 16:50 -------- d-----w- c:\program files\czshare
2009-05-13 05:05 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 12:12 . 2009-05-08 11:03 -------- d-----w- c:\program files\Aegisub
2009-05-07 17:57 . 2008-03-23 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 21:51 . 2008-05-01 14:10 -------- d-----w- c:\program files\@_util
2009-05-04 18:14 . 2009-05-04 18:14 -------- d-----w- c:\program files\TimeAdjuster
2009-05-01 18:29 . 2009-05-01 18:06 -------- d-----w- c:\program files\ConvertHelper
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-29 19:39 . 2008-03-23 18:17 737280 ----a-w- c:\windows\iun6002.exe
2009-01-03 19:06 . 2009-01-03 17:17 1378336 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - MBAMSwissArmy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 20:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4BF00D1-CA0B-FF94-DB53-ED8C5D433410}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4ED7CD0-AF12-D6B7-215E-994BD66B03DC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(696)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-26 20:25
ComboFix-quarantined-files.txt 2009-06-26 18:25
ComboFix2.txt 2009-01-03 15:46
Před spuštěním: 2 454 896 640
Po spuštění: 2 464 407 552
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
428 --- E O F --- 2009-06-11 21:50
[-] 2008-08-14 13:26 2147328 FFEB7726951F6D2859DF12FBC51F0188 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:36 2147328 27C7A7AED8A477F6A0C7D3AD00AB9419 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2147328 6499BF91CF62B4319D6ED7E99D0B6998 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - MBAMSwissArmy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 20:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4BF00D1-CA0B-FF94-DB53-ED8C5D433410}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oanceoheikfendhkppiaecllfaheok"=hex:64,61,6f,6d,63,6f,63,62,00,d0
"oajdmmcfbkccdklcenbionofjpopjk"=hex:6a,61,6f,6d,6c,6e,63,64,6b,68,68,68,6d,69,
68,66,63,61,6e,63,00,fd
"nadcoooaiahijmdnmhpanilfhoke"=hex:6a,61,6f,6d,6c,6e,63,64,6b,68,68,68,6d,69,
68,66,63,61,6e,63,00,fd
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4ED7CD0-AF12-D6B7-215E-994BD66B03DC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegfmgeccekdddedn"=hex:6a,61,70,61,6c,6b,6f,6b,67,65,67,6c,66,62,63,64,63,68,
63,64,00,01
"hakfnnpagdhhaamm"=hex:6a,61,70,61,6c,6b,6f,6b,67,65,67,6c,66,62,63,64,63,68,
63,64,00,01
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,01,9f,29,2b,fd,
ee,12,73,c8,28,51,af,b0,29,a3,98,71,84,62,2a,b4,09,3b,8f,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7e,90,73,7d,1d,
61,c1,e1,71,3b,04,66,8b,46,0d,96,3e,23,63,b5,f0,c9,d8,b8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,84,a7,82,d3,bf,
25,cb,6d,25,da,ec,7e,55,20,c9,26,3d,ed,3e,05,ae,dc,76,30,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,5c,62,23,fb,83,
77,19,fc,3e,1e,9e,e0,57,5a,93,61,d6,f0,4d,93,59,f0,4a,a2,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,78,34,a3,9d,3c,
bf,22,36,cd,44,cd,b9,a6,33,6c,cd,4f,97,a0,35,04,be,f1,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2d,50,5f,c4,04,
8e,08,0e,b0,18,ed,a7,3f,8d,37,a4,34,b1,be,7a,80,16,0d,56,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,2f,78,4f,d0,ac,
05,21,87,31,77,e1,ba,b1,f8,68,02,e1,d2,0a,af,7e,19,70,d5,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,14,a6,5d,1f,d2,
61,1c,e5,83,6c,56,8b,a0,85,96,ab,bf,93,f0,18,38,db,3f,4b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d0,77,1b,74,28,
86,00,76,51,fa,6e,91,28,9e,14,cc,89,f8,73,62,ae,10,78,7f,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,54,32,1c,a0,94,
d0,f4,5e,b1,cd,45,5a,a8,c4,f8,b9,eb,44,e9,13,79,0e,9c,9b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4a,2d,3a,b8,da,
2f,53,16,e3,0e,66,d5,eb,bc,2f,6b,63,73,a4,73,a5,c5,12,c0,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,36,3e,a3,97,
27,fd,34,fa,ea,66,7f,d4,3b,6b,70,70,59,3f,36,f1,10,4d,55,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(696)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-26 20:25
ComboFix-quarantined-files.txt 2009-06-26 18:25
ComboFix2.txt 2009-01-03 15:46
Před spuštěním: 2 454 896 640
Po spuštění: 2 464 407 552
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
428 --- E O F --- 2009-06-11 21:50
In the beginning was the word, and in the word there were two bytes, and there was nothing more.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status: Offline
Re: please check my log:
Test these on VirusTotal:
c:\windows\flashax.exe
c:\windows\impborl.dll
Then paste the result links here.
Do you know this:
c:\program files\@_util ?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- mikrob48
- newcomer
- Posts: 11
- Registered: June 09
- Location: Brno
- Gender:
- Status: Offline
- Contact:
Re: please check my log:
Do you know this:
c:\program files\@_util ? - I don't understand, HJT is there
VirusTotal results:
File impborl.dll received 2009.06.26 20:07:18 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.26 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1441 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 Win32.Exploit.Debplo
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.26 -
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 -
Microsoft 1.4803 2009.06.26 -
NOD32 4193 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.355 2009.06.26 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Additional information
File size: 12288 bytes
MD5...: 23a38a0f3b5fb112809c339725a9e318
SHA1..: 165dc2cb79d167b53bd35d42eb9ff33087040a19
SHA256: 7f86b2a4d53df100d8572c1615e809c11df9765054e394773b033aed083719ff
ssdeep: 96:nPB9vXw1t01Uy2iByFUNes/Nrt0M8Kt0gufpo6Fn86wP6ITMNF4mBlRntK+lRntK:nXBy03Bt0gS26F86wPtwHVBlRllR
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x1b2d1e5b (Wed Jun 13 02:28:43 1984)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x10000 0x2000 0x1200 6.13 c7edab24061a3b567d1b9798b13fb790
DATA 0x20000 0x1000 0xe00 6.65 0e4ceb9e934670255841ec56b25cc3ef
.edata 0x30000 0x1000 0x200 1.01 9e3fd74b7bd9f9d88e3a66bc23d4d823
.reloc 0x40000 0x1000 0x200 0.69 ca0006d938d1ca56ae4d9ddd8a4d3826
( 0 imports )
( 3 exports )
_crc32, _explode, _implode
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=23a38a0f3b5fb112809c339725a9e318
File flashax.exe received 2009.06.26 19:58:18 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.26 W32/Heuristic-PCA!Eldorado
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1440 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.26 W32/Heuristic-PCA!Eldorado
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 Win32.Malware.gen#ASPack (suspicious)
Microsoft 1.4803 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
TheHacker 6.3.4.3.355 2009.06.26 -
TrendMicro 8.950.0.1094 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Additional information
File size: 545280 bytes
MD5...: 8147259b28c304c333d43f298184087a
SHA1..: ba89d2b257fda3ce2d973f869f64986167ffe4b6
SHA256: f53a551d5b39bcdb513ea065176aa61d7fc533d31fa585c3e826361450a873af
ssdeep: 12288:SpiC7uqn37iVvNiRm57NQ0te58OoXKTuSl3Z:SpiC71rMvNh7K95NoXFSl
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9b001
timedatestamp.....: 0x32d64001 (Fri Jan 10 13:11:29 1997)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10000 0x7a00 7.98 22558cd6ad00548c9e8dad8cebc14488
.data 0x11000 0xa000 0x800 7.88 0fd8ad699200015e35ef7a6c172020ef
.rsrc 0x1b000 0x7e000 0x7a000 8.00 ff7cc1ed5ec1dc0d34d97290ae67c66a
.reloc 0x99000 0x2000 0x1000 7.93 c7b5a7bcde3bf6ba1f074d92c0abe787
.aspack 0x9b000 0x2000 0x1a00 5.52 9c96865e4a8aaee90e3ce1d0caa1c34f
.zwt 0x9e000 0x1000 0x800 0.00 d41d8cd98f00b204e9800998ecf8427e
( 6 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> advapi32.dll: RegDeleteValueA
> gdi32.dll: GetDeviceCaps
> user32.dll: PeekMessageA
> comctl32.dll: -
> version.dll: GetFileVersionInfoA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
packers (Authentium): Aspack
c:\program files\@_util ? - nerozumím, je tam HJT
výsledky z VirusTotalu:
Soubor impborl.dll přijatý 2009.06.26 20:07:18 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.26 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1441 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 Win32.Exploit.Debplo
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.26 -
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 -
Microsoft 1.4803 2009.06.26 -
NOD32 4193 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.355 2009.06.26 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Rozšiřující informace
File size: 12288 bytes
MD5...: 23a38a0f3b5fb112809c339725a9e318
SHA1..: 165dc2cb79d167b53bd35d42eb9ff33087040a19
SHA256: 7f86b2a4d53df100d8572c1615e809c11df9765054e394773b033aed083719ff
ssdeep: 96:nPB9vXw1t01Uy2iByFUNes/Nrt0M8Kt0gufpo6Fn86wP6ITMNF4mBlRntK+lRntK:nXBy03Bt0gS26F86wPtwHVBlRllR
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x1b2d1e5b (Wed Jun 13 02:28:43 1984)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x10000 0x2000 0x1200 6.13 c7edab24061a3b567d1b9798b13fb790
DATA 0x20000 0x1000 0xe00 6.65 0e4ceb9e934670255841ec56b25cc3ef
.edata 0x30000 0x1000 0x200 1.01 9e3fd74b7bd9f9d88e3a66bc23d4d823
.reloc 0x40000 0x1000 0x200 0.69 ca0006d938d1ca56ae4d9ddd8a4d3826

( 0 imports )

( 3 exports )
_crc32, _explode, _implode
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=23a38a0f3b5fb112809c339725a9e318
Soubor flashax.exe přijatý 2009.06.26 19:58:18 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.26 W32/Heuristic-PCA!Eldorado
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1440 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.26 W32/Heuristic-PCA!Eldorado
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 Win32.Malware.gen#ASPack (suspicious)
Microsoft 1.4803 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.44.00 2009.06.26 -
Sophos 4.43.0 2009.06.26 -
Sunbelt 3.2.1858.2 2009.06.25 -
TheHacker 6.3.4.3.355 2009.06.26 -
TrendMicro 8.950.0.1094 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Rozšiřující informace
File size: 545280 bytes
MD5...: 8147259b28c304c333d43f298184087a
SHA1..: ba89d2b257fda3ce2d973f869f64986167ffe4b6
SHA256: f53a551d5b39bcdb513ea065176aa61d7fc533d31fa585c3e826361450a873af
ssdeep: 12288:SpiC7uqn37iVvNiRm57NQ0te58OoXKTuSl3Z:SpiC71rMvNh7K95NoXFSl
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9b001
timedatestamp.....: 0x32d64001 (Fri Jan 10 13:11:29 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10000 0x7a00 7.98 22558cd6ad00548c9e8dad8cebc14488
.data 0x11000 0xa000 0x800 7.88 0fd8ad699200015e35ef7a6c172020ef
.rsrc 0x1b000 0x7e000 0x7a000 8.00 ff7cc1ed5ec1dc0d34d97290ae67c66a
.reloc 0x99000 0x2000 0x1000 7.93 c7b5a7bcde3bf6ba1f074d92c0abe787
.aspack 0x9b000 0x2000 0x1a00 5.52 9c96865e4a8aaee90e3ce1d0caa1c34f
.zwt 0x9e000 0x1000 0x800 0.00 d41d8cd98f00b204e9800998ecf8427e

( 6 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> advapi32.dll: RegDeleteValueA
> gdi32.dll: GetDeviceCaps
> user32.dll: PeekMessageA
> comctl32.dll: -
> version.dll: GetFileVersionInfoA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
packers (Authentium): Aspack
In the beginning was the word, and in the word were two bytes, and there was nothing more.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: please check my log:
O.K., next time it is enough to paste a link to the page with the antivirus results.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
File::
c:\windows\iun6002.exe
c:\windows\system32\drivers\fidbox.dat
c:\windows\flashax.exe
c:\windows\impborl.dll
Regnull::
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4BF00D1-CA0B-FF94-DB53-ED8C5D433410}*]
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4ED7CD0-AF12-D6B7-215E-994BD66B03DC}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
I'll have a look tomorrow and we'll finish it.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- mikrob48
- newcomer
- Posts: 11
- Registered: June 09
- Location: Brno
Re: please check my log:
So I did it; see you tomorrow then, and thanks for now. Here is the result:
ComboFix 09-06-26.02 - Administrator 26.06.2009 22:21.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1380 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\flashax.exe"
"c:\windows\impborl.dll"
"c:\windows\iun6002.exe"
"c:\windows\system32\drivers\fidbox.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\flashax.exe
c:\windows\impborl.dll
c:\windows\iun6002.exe
c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-26 18:24 . 2009-06-26 18:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 18:33 . 2008-08-12 19:30 90112 ------r- c:\windows\system32\CardID.dll
2009-06-22 18:33 . 2007-02-09 05:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-06-22 18:33 . 2005-04-29 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-06-22 18:33 . 2008-07-04 10:28 249856 ------r- c:\windows\system32\sptlib01.dll
2009-06-22 18:33 . 2008-07-03 05:37 245760 ------r- c:\windows\system32\sptlib03.dll
2009-06-22 18:33 . 2007-03-17 01:27 253952 ------r- c:\windows\system32\sptlib02.dll
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\AVerMedia
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-06-21 13:15 . 2009-06-21 13:15 -------- d-----w- c:\program files\MSECache
2009-06-21 13:15 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 13:13 . 2009-06-21 13:14 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- c:\program files\ClocX
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Shrink Pic
2009-06-12 08:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-12 08:20 . 2009-06-12 08:21 -------- d-----w- c:\program files\PDFCreator
2009-06-12 08:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-11 13:53 . 2009-06-11 14:10 -------- d-----w- c:\program files\MKVTOAVI
2009-06-11 11:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----r- c:\program files\Skype
2009-06-01 08:00 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2009-06-01 07:47 . 2009-06-01 07:47 -------- d-----w- c:\program files\JDownloader 0.5.917
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 13:10 . 2009-06-11 21:50 -------- d-----w- c:\windows\ie8updates
2009-05-28 13:09 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 13:08 . 2009-05-28 13:09 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:37 . 2009-01-03 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 14:43 . 2004-08-18 11:00 79526 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 14:43 . 2004-08-18 11:00 432734 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 14:43 . 2008-03-24 15:49 -------- d-----w- c:\program files\ancestry
2009-06-21 13:09 . 2009-02-04 19:25 -------- d-----w- c:\program files\Microsoft
2009-06-21 13:05 . 2008-03-23 13:42 -------- d-----w- c:\program files\MSBuild
2009-06-17 09:27 . 2009-01-03 10:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-03 10:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:13 . 2008-07-27 15:37 160521 ----a-w- c:\windows\hpoins21.dat
2009-06-13 08:54 . 2009-02-04 19:24 -------- d-----w- c:\program files\Windows Live
2009-06-06 11:10 . 2009-03-25 07:59 -------- d-----w- c:\program files\VITSOFT
2009-06-06 11:10 . 2008-11-22 20:45 -------- d-----w- c:\program files\downloader
2009-06-02 07:56 . 2008-08-15 08:00 -------- d-----w- c:\program files\IObit
2009-05-31 14:46 . 2008-03-24 10:25 -------- d-----w- c:\program files\Google
2009-05-13 19:41 . 2009-05-13 16:50 -------- d-----w- c:\program files\czshare
2009-05-13 05:05 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 12:12 . 2009-05-08 11:03 -------- d-----w- c:\program files\Aegisub
2009-05-07 17:57 . 2008-03-23 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 21:51 . 2008-05-01 14:10 -------- d-----w- c:\program files\@_util
2009-05-04 18:14 . 2009-05-04 18:14 -------- d-----w- c:\program files\TimeAdjuster
2009-05-01 18:29 . 2009-05-01 18:06 -------- d-----w- c:\program files\ConvertHelper
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\user32.dll
[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\ws2_32.dll
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2009-02-22 19:37 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\winlogon.exe
[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068224 5495B7902AE2EEE3A98D889E9A679724 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 16:04 2017792 93E37139768C04883A21E3DF05508043 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-17 13:57 2017280 7715EDDD01EDFEF9EF335D29C6DFE212 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 18:08 2017280 D6C6C7C38AB140251BAF5392B50F2FB6 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:26 2025984 6045C7424106CCA4C9970C7230BD6253 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 02:36 2025984 9F12E026DC0B0C43F521114EFB3A3ACC c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-09 11:26 2025984 6DD6966FA0FF770A3E5545875557C7F1 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-17 13:45 2150400 84FEF6BE553ACC66729F5D4113F53310 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:08 2137600 A97A571360EEEE9D1443A155D6B70CF8 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2147328 FFEB7726951F6D2859DF12FBC51F0188 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:36 2147328 27C7A7AED8A477F6A0C7D3AD00AB9419 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2147328 6499BF91CF62B4319D6ED7E99D0B6998 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-26_18.24.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 20:23 . 2009-06-26 20:23 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2009-06-26 20:24 . 2009-06-26 20:24 16384 c:\windows\Temp\Perflib_Perfdata_34c.dat
+ 2009-06-26 18:24 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 18:24 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\cache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7e,90,73,7d,1d,
61,c1,e1,71,3b,04,66,8b,46,0d,96,3e,23,63,b5,f0,c9,d8,b8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,84,a7,82,d3,bf,
25,cb,6d,25,da,ec,7e,55,20,c9,26,3d,ed,3e,05,ae,dc,76,30,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,5c,62,23,fb,83,
77,19,fc,3e,1e,9e,e0,57,5a,93,61,d6,f0,4d,93,59,f0,4a,a2,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,78,34,a3,9d,3c,
bf,22,36,cd,44,cd,b9,a6,33,6c,cd,4f,97,a0,35,04,be,f1,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2d,50,5f,c4,04,
8e,08,0e,b0,18,ed,a7,3f,8d,37,a4,34,b1,be,7a,80,16,0d,56,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,2f,78,4f,d0,ac,
05,21,87,31,77,e1,ba,b1,f8,68,02,e1,d2,0a,af,7e,19,70,d5,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,14,a6,5d,1f,d2,
61,1c,e5,83,6c,56,8b,a0,85,96,ab,bf,93,f0,18,38,db,3f,4b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d0,77,1b,74,28,
86,00,76,51,fa,6e,91,28,9e,14,cc,89,f8,73,62,ae,10,78,7f,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,54,32,1c,a0,94,
d0,f4,5e,b1,cd,45,5a,a8,c4,f8,b9,eb,44,e9,13,79,0e,9c,9b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4a,2d,3a,b8,da,
2f,53,16,e3,0e,66,d5,eb,bc,2f,6b,63,73,a4,73,a5,c5,12,c0,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,36,3e,a3,97,
27,fd,34,fa,ea,66,7f,d4,3b,6b,70,70,59,3f,36,f1,10,4d,55,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3256)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-26 22:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-26 20:27
ComboFix2.txt 2009-06-26 18:25
ComboFix3.txt 2009-01-03 15:46
Před spuštěním: 2 441 084 928
Po spuštění: 2 419 003 392
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
434 --- E O F --- 2009-06-11 21:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:18, on 26.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Aplikace\Kancelar\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Namedate] C:\Program Files\nezmeskej\nezmeskej.exe s s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\Aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Aplikace\Kancelar\Office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Služba Google Update (gupdate1c9a4e08fc98cb0) (gupdate1c9a4e08fc98cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Aplikace\Utils\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 13333 bytes
ComboFix 09-06-26.02 - Administrator 26.06.2009 22:21.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1380 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\flashax.exe"
"c:\windows\impborl.dll"
"c:\windows\iun6002.exe"
"c:\windows\system32\drivers\fidbox.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\flashax.exe
c:\windows\impborl.dll
c:\windows\iun6002.exe
c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-26 18:24 . 2009-06-26 18:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 18:33 . 2008-08-12 19:30 90112 ------r- c:\windows\system32\CardID.dll
2009-06-22 18:33 . 2007-02-09 05:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-06-22 18:33 . 2005-04-29 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-06-22 18:33 . 2008-07-04 10:28 249856 ------r- c:\windows\system32\sptlib01.dll
2009-06-22 18:33 . 2008-07-03 05:37 245760 ------r- c:\windows\system32\sptlib03.dll
2009-06-22 18:33 . 2007-03-17 01:27 253952 ------r- c:\windows\system32\sptlib02.dll
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\AVerMedia
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-06-21 13:15 . 2009-06-21 13:15 -------- d-----w- c:\program files\MSECache
2009-06-21 13:15 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 13:13 . 2009-06-21 13:14 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- c:\program files\ClocX
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Shrink Pic
2009-06-12 08:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-12 08:20 . 2009-06-12 08:21 -------- d-----w- c:\program files\PDFCreator
2009-06-12 08:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-11 13:53 . 2009-06-11 14:10 -------- d-----w- c:\program files\MKVTOAVI
2009-06-11 11:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----r- c:\program files\Skype
2009-06-01 08:00 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2009-06-01 07:47 . 2009-06-01 07:47 -------- d-----w- c:\program files\JDownloader 0.5.917
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 13:10 . 2009-06-11 21:50 -------- d-----w- c:\windows\ie8updates
2009-05-28 13:09 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 13:08 . 2009-05-28 13:09 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:37 . 2009-01-03 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 14:43 . 2004-08-18 11:00 79526 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 14:43 . 2004-08-18 11:00 432734 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 14:43 . 2008-03-24 15:49 -------- d-----w- c:\program files\ancestry
2009-06-21 13:09 . 2009-02-04 19:25 -------- d-----w- c:\program files\Microsoft
2009-06-21 13:05 . 2008-03-23 13:42 -------- d-----w- c:\program files\MSBuild
2009-06-17 09:27 . 2009-01-03 10:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-03 10:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:13 . 2008-07-27 15:37 160521 ----a-w- c:\windows\hpoins21.dat
2009-06-13 08:54 . 2009-02-04 19:24 -------- d-----w- c:\program files\Windows Live
2009-06-06 11:10 . 2009-03-25 07:59 -------- d-----w- c:\program files\VITSOFT
2009-06-06 11:10 . 2008-11-22 20:45 -------- d-----w- c:\program files\downloader
2009-06-02 07:56 . 2008-08-15 08:00 -------- d-----w- c:\program files\IObit
2009-05-31 14:46 . 2008-03-24 10:25 -------- d-----w- c:\program files\Google
2009-05-13 19:41 . 2009-05-13 16:50 -------- d-----w- c:\program files\czshare
2009-05-13 05:05 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 12:12 . 2009-05-08 11:03 -------- d-----w- c:\program files\Aegisub
2009-05-07 17:57 . 2008-03-23 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 21:51 . 2008-05-01 14:10 -------- d-----w- c:\program files\@_util
2009-05-04 18:14 . 2009-05-04 18:14 -------- d-----w- c:\program files\TimeAdjuster
2009-05-01 18:29 . 2009-05-01 18:06 -------- d-----w- c:\program files\ConvertHelper
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-17 13:45 2150400 84FEF6BE553ACC66729F5D4113F53310 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:08 2137600 A97A571360EEEE9D1443A155D6B70CF8 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2147328 FFEB7726951F6D2859DF12FBC51F0188 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:36 2147328 27C7A7AED8A477F6A0C7D3AD00AB9419 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2147328 6499BF91CF62B4319D6ED7E99D0B6998 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-26_18.24.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 20:23 . 2009-06-26 20:23 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2009-06-26 20:24 . 2009-06-26 20:24 16384 c:\windows\Temp\Perflib_Perfdata_34c.dat
+ 2009-06-26 18:24 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 18:24 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\cache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7e,90,73,7d,1d,
61,c1,e1,71,3b,04,66,8b,46,0d,96,3e,23,63,b5,f0,c9,d8,b8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,84,a7,82,d3,bf,
25,cb,6d,25,da,ec,7e,55,20,c9,26,3d,ed,3e,05,ae,dc,76,30,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,5c,62,23,fb,83,
77,19,fc,3e,1e,9e,e0,57,5a,93,61,d6,f0,4d,93,59,f0,4a,a2,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,78,34,a3,9d,3c,
bf,22,36,cd,44,cd,b9,a6,33,6c,cd,4f,97,a0,35,04,be,f1,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2d,50,5f,c4,04,
8e,08,0e,b0,18,ed,a7,3f,8d,37,a4,34,b1,be,7a,80,16,0d,56,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,2f,78,4f,d0,ac,
05,21,87,31,77,e1,ba,b1,f8,68,02,e1,d2,0a,af,7e,19,70,d5,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,14,a6,5d,1f,d2,
61,1c,e5,83,6c,56,8b,a0,85,96,ab,bf,93,f0,18,38,db,3f,4b,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d0,77,1b,74,28,
86,00,76,51,fa,6e,91,28,9e,14,cc,89,f8,73,62,ae,10,78,7f,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,54,32,1c,a0,94,
d0,f4,5e,b1,cd,45,5a,a8,c4,f8,b9,eb,44,e9,13,79,0e,9c,9b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4a,2d,3a,b8,da,
2f,53,16,e3,0e,66,d5,eb,bc,2f,6b,63,73,a4,73,a5,c5,12,c0,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,36,3e,a3,97,
27,fd,34,fa,ea,66,7f,d4,3b,6b,70,70,59,3f,36,f1,10,4d,55,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3256)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-26 22:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-26 20:27
ComboFix2.txt 2009-06-26 18:25
ComboFix3.txt 2009-01-03 15:46
Před spuštěním: 2 441 084 928
Po spuštění: 2 419 003 392
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
434 --- E O F --- 2009-06-11 21:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:18, on 26.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Aplikace\Kancelar\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Namedate] C:\Program Files\nezmeskej\nezmeskej.exe s s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\Aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Aplikace\Kancelar\Office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Služba Google Update (gupdate1c9a4e08fc98cb0) (gupdate1c9a4e08fc98cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Aplikace\Utils\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 13333 bytes
In the beginning there was the word, and in the word there were two bytes, and there was nothing more.
- jaro3
- member of the Security team
Re: please check my log:
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text marked in green into it:
Note: do not use SELECT ALL to select the script
Code:
Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process. You do not need to post the HJT log.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- mikrob48
Re: please check my log:
today's log:
ComboFix 09-06-26.02 - Administrator 27.06.2009 9:08.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1580 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-26 18:24 . 2009-06-26 18:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 18:33 . 2008-08-12 19:30 90112 ------r- c:\windows\system32\CardID.dll
2009-06-22 18:33 . 2007-02-09 05:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-06-22 18:33 . 2005-04-29 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-06-22 18:33 . 2008-07-04 10:28 249856 ------r- c:\windows\system32\sptlib01.dll
2009-06-22 18:33 . 2008-07-03 05:37 245760 ------r- c:\windows\system32\sptlib03.dll
2009-06-22 18:33 . 2007-03-17 01:27 253952 ------r- c:\windows\system32\sptlib02.dll
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\AVerMedia
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-06-21 13:15 . 2009-06-21 13:15 -------- d-----w- c:\program files\MSECache
2009-06-21 13:15 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 13:13 . 2009-06-21 13:14 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- c:\program files\ClocX
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Shrink Pic
2009-06-12 08:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-12 08:20 . 2009-06-12 08:21 -------- d-----w- c:\program files\PDFCreator
2009-06-12 08:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-11 13:53 . 2009-06-11 14:10 -------- d-----w- c:\program files\MKVTOAVI
2009-06-11 11:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----r- c:\program files\Skype
2009-06-01 08:00 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2009-06-01 07:47 . 2009-06-01 07:47 -------- d-----w- c:\program files\JDownloader 0.5.917
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 13:10 . 2009-06-11 21:50 -------- d-----w- c:\windows\ie8updates
2009-05-28 13:09 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 13:08 . 2009-05-28 13:09 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:37 . 2009-01-03 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 14:43 . 2004-08-18 11:00 79526 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 14:43 . 2004-08-18 11:00 432734 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 14:43 . 2008-03-24 15:49 -------- d-----w- c:\program files\ancestry
2009-06-21 13:09 . 2009-02-04 19:25 -------- d-----w- c:\program files\Microsoft
2009-06-21 13:05 . 2008-03-23 13:42 -------- d-----w- c:\program files\MSBuild
2009-06-17 09:27 . 2009-01-03 10:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-03 10:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:13 . 2008-07-27 15:37 160521 ----a-w- c:\windows\hpoins21.dat
2009-06-13 08:54 . 2009-02-04 19:24 -------- d-----w- c:\program files\Windows Live
2009-06-06 11:10 . 2009-03-25 07:59 -------- d-----w- c:\program files\VITSOFT
2009-06-06 11:10 . 2008-11-22 20:45 -------- d-----w- c:\program files\downloader
2009-06-02 07:56 . 2008-08-15 08:00 -------- d-----w- c:\program files\IObit
2009-05-31 14:46 . 2008-03-24 10:25 -------- d-----w- c:\program files\Google
2009-05-13 19:41 . 2009-05-13 16:50 -------- d-----w- c:\program files\czshare
2009-05-13 05:05 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 12:12 . 2009-05-08 11:03 -------- d-----w- c:\program files\Aegisub
2009-05-07 17:57 . 2008-03-23 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 21:51 . 2008-05-01 14:10 -------- d-----w- c:\program files\HJT
2009-05-04 18:14 . 2009-05-04 18:14 -------- d-----w- c:\program files\TimeAdjuster
2009-05-01 18:29 . 2009-05-01 18:06 -------- d-----w- c:\program files\ConvertHelper
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\user32.dll
[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\ws2_32.dll
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2009-02-22 19:37 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\winlogon.exe
[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068224 5495B7902AE2EEE3A98D889E9A679724 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 16:04 2017792 93E37139768C04883A21E3DF05508043 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-17 13:57 2017280 7715EDDD01EDFEF9EF335D29C6DFE212 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 18:08 2017280 D6C6C7C38AB140251BAF5392B50F2FB6 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:26 2025984 6045C7424106CCA4C9970C7230BD6253 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 02:36 2025984 9F12E026DC0B0C43F521114EFB3A3ACC c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-09 11:26 2025984 6DD6966FA0FF770A3E5545875557C7F1 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-17 13:45 2150400 84FEF6BE553ACC66729F5D4113F53310 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:08 2137600 A97A571360EEEE9D1443A155D6B70CF8 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2147328 FFEB7726951F6D2859DF12FBC51F0188 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:36 2147328 27C7A7AED8A477F6A0C7D3AD00AB9419 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2147328 6499BF91CF62B4319D6ED7E99D0B6998 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-26_18.24.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 05:48 . 2009-06-27 05:48 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
+ 2009-06-27 05:48 . 2009-06-27 05:48 16384 c:\windows\Temp\Perflib_Perfdata_658.dat
+ 2009-06-26 18:24 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 18:24 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\cache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 09:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-27 9:11
ComboFix-quarantined-files.txt 2009-06-27 07:11
ComboFix2.txt 2009-06-26 20:30
ComboFix3.txt 2009-06-26 18:25
ComboFix4.txt 2009-01-03 15:46
Před spuštěním: 2 432 438 272
Po spuštění: 2 416 046 080
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
350 --- E O F --- 2009-06-11 21:50
ComboFix 09-06-26.02 - Administrator 27.06.2009 9:08.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1580 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-26 18:24 . 2009-06-26 18:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 18:33 . 2008-08-12 19:30 90112 ------r- c:\windows\system32\CardID.dll
2009-06-22 18:33 . 2007-02-09 05:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-06-22 18:33 . 2005-04-29 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-06-22 18:33 . 2008-07-04 10:28 249856 ------r- c:\windows\system32\sptlib01.dll
2009-06-22 18:33 . 2008-07-03 05:37 245760 ------r- c:\windows\system32\sptlib03.dll
2009-06-22 18:33 . 2007-03-17 01:27 253952 ------r- c:\windows\system32\sptlib02.dll
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\AVerMedia
2009-06-22 18:32 . 2009-06-22 18:33 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-06-21 13:15 . 2009-06-21 13:15 -------- d-----w- c:\program files\MSECache
2009-06-21 13:15 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 13:13 . 2009-06-21 13:14 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 13:13 . 2009-06-21 13:13 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- c:\program files\ClocX
2009-06-13 14:00 . 2009-06-13 14:00 -------- d-----w- c:\program files\Shrink Pic
2009-06-12 08:20 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-12 08:20 . 2009-06-12 08:21 -------- d-----w- c:\program files\PDFCreator
2009-06-12 08:20 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-11 13:53 . 2009-06-11 14:10 -------- d-----w- c:\program files\MKVTOAVI
2009-06-11 11:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----r- c:\program files\Skype
2009-06-01 08:00 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2009-06-01 07:47 . 2009-06-01 07:47 -------- d-----w- c:\program files\JDownloader 0.5.917
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 13:58 . 2009-05-28 13:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 13:10 . 2009-06-11 21:50 -------- d-----w- c:\windows\ie8updates
2009-05-28 13:09 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 13:08 . 2009-05-28 13:09 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:37 . 2009-01-03 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 14:43 . 2004-08-18 11:00 79526 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 14:43 . 2004-08-18 11:00 432734 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 14:43 . 2008-03-24 15:49 -------- d-----w- c:\program files\ancestry
2009-06-21 13:09 . 2009-02-04 19:25 -------- d-----w- c:\program files\Microsoft
2009-06-21 13:05 . 2008-03-23 13:42 -------- d-----w- c:\program files\MSBuild
2009-06-17 09:27 . 2009-01-03 10:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-01-03 10:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:13 . 2008-07-27 15:37 160521 ----a-w- c:\windows\hpoins21.dat
2009-06-13 08:54 . 2009-02-04 19:24 -------- d-----w- c:\program files\Windows Live
2009-06-06 11:10 . 2009-03-25 07:59 -------- d-----w- c:\program files\VITSOFT
2009-06-06 11:10 . 2008-11-22 20:45 -------- d-----w- c:\program files\downloader
2009-06-02 07:56 . 2008-08-15 08:00 -------- d-----w- c:\program files\IObit
2009-05-31 14:46 . 2008-03-24 10:25 -------- d-----w- c:\program files\Google
2009-05-13 19:41 . 2009-05-13 16:50 -------- d-----w- c:\program files\czshare
2009-05-13 05:05 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 12:12 . 2009-05-08 11:03 -------- d-----w- c:\program files\Aegisub
2009-05-07 17:57 . 2008-03-23 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 21:51 . 2008-05-01 14:10 -------- d-----w- c:\program files\HJT
2009-05-04 18:14 . 2009-05-04 18:14 -------- d-----w- c:\program files\TimeAdjuster
2009-05-01 18:29 . 2009-05-01 18:06 -------- d-----w- c:\program files\ConvertHelper
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\user32.dll
[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\ws2_32.dll
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2009-02-22 19:37 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\winlogon.exe
[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068224 5495B7902AE2EEE3A98D889E9A679724 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 16:04 2017792 93E37139768C04883A21E3DF05508043 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-17 13:57 2017280 7715EDDD01EDFEF9EF335D29C6DFE212 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 18:08 2017280 D6C6C7C38AB140251BAF5392B50F2FB6 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:26 2025984 6045C7424106CCA4C9970C7230BD6253 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 02:36 2025984 9F12E026DC0B0C43F521114EFB3A3ACC c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-09 11:26 2025984 6DD6966FA0FF770A3E5545875557C7F1 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-17 13:45 2150400 84FEF6BE553ACC66729F5D4113F53310 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:08 2137600 A97A571360EEEE9D1443A155D6B70CF8 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2147328 FFEB7726951F6D2859DF12FBC51F0188 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:36 2147328 27C7A7AED8A477F6A0C7D3AD00AB9419 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2147328 6499BF91CF62B4319D6ED7E99D0B6998 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-17 13:49 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2004-08-18 11:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-17 13:49 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3qfe\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 13:49 171008 421184F91EAE5C6E78E653C6B32AAE84 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 03:21 171008 6B8E7A90E576D4FE308F97C69060A171 c:\windows\system32\appmgmts.dll
[-] 2004-08-17 13:45 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-26_18.24.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 05:48 . 2009-06-27 05:48 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
+ 2009-06-27 05:48 . 2009-06-27 05:48 16384 c:\windows\Temp\Perflib_Perfdata_658.dat
+ 2009-06-26 18:24 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 18:24 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\cache\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Namedate"="c:\program files\nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"VirtualCloneDrive"="c:\aplikace\Utils\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2009-1-29 206848]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-6-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-6-22 663552]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Shrink Pic.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Aplikace\\Utils\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\RM.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\Studio.exe"=
"c:\\Aplikace\\Multimedia\\pinnacle\\Programs\\umi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Aplikace\\Utils\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:hptisk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2008 9:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2008 9:13 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.6.2009 20:32 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.6.2009 20:32 409600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [23.3.2008 19:56 38656]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [7.5.2009 19:56 273152]
S2 gupdate1c9a4e08fc98cb0;Služba Google Update (gupdate1c9a4e08fc98cb0);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 22:07 133104]
S4 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [15.3.2009 18:47 582144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\aplikace\Utils\TuneUP08\OneClick.exe [2007-12-21 14:17]
2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:07]
2009-06-18 c:\windows\Tasks\NeroLiveEpgUpdate-HENRY_Administrator.job
- d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 13:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\aplikace\Kancelar\Office03\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\9dxildhr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\aplikace\Kancelar\Adobe\Reader8\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 09:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-682003330-448539723-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,cd,e9,d0,37,63,98,43,bb,5e,ec,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-27 9:11
ComboFix-quarantined-files.txt 2009-06-27 07:11
ComboFix2.txt 2009-06-26 20:30
ComboFix3.txt 2009-06-26 18:25
ComboFix4.txt 2009-01-03 15:46
Pre-Run: 2 432 438 272
Post-Run: 2 416 046 080
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
350 --- E O F --- 2009-06-11 21:50
In the beginning of everything was the word, and in the word were two bytes, and there was nothing more.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
Re: please check my log:
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
The PC should be clean.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
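An added example, not part of this thread and not a tool from ComboFix or the forum's Security team: a small Python parser that pulls the `IE:` and `FF -` lines out of a ComboFix log of the kind posted above and turns them into a checklist of the on-disk files behind every browser hook (menu extensions, CLSID-keyed IE extensions, Firefox plugins and hidden extensions). Checking those files (signature, hash, publisher) is what a responder actually does before agreeing with a "PC should be clean" verdict. The sample text is a constructed string with a handful of lines copied from the log above; the regular expressions and the key/value CLSID consistency check are my own assumptions about ComboFix's line layout, not a documented format, and the CLSID check only reports a difference for manual follow-up, it makes no claim about the DLL.

```python
"""Parse the IE / Firefox sections of a ComboFix-style log into a review checklist."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the log posted in this thread, in ComboFix's own format.
SAMPLE_LOG = r"""
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Convert Link Target to Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to Adobe PDF - c:\aplikace\Kancelar\Adobe\Acrobat7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
"""

# Assumed line shapes (my reading of the log above, not a published ComboFix grammar):
#   IE: <menu text> - <drive>:\<binary>/<resource>
#   IE: {<key clsid> - <value clsid> - <dll>
#   FF - plugin: <path>
#   FF - HiddenExtension: <name>: <note> - <path>
IE_MENU_RE = re.compile(r"^IE: (?P<name>[^{].*?) - (?P<target>[a-z]:\\.*)$", re.I)
IE_CLSID_RE = re.compile(r"^IE: \{(?P<key>\{[0-9a-f-]+\}) - (?P<value>\{[0-9a-f-]+\}) - (?P<dll>.*)$", re.I)
FF_PLUGIN_RE = re.compile(r"^FF - plugin: (?P<path>.*)$")
FF_HIDDEN_RE = re.compile(r"^FF - HiddenExtension: (?P<name>.*?): (?P<note>.*?) - (?P<path>.*)$")


@dataclass
class Review:
    ie_menu: list = field(default_factory=list)    # (menu text, target) pairs
    ie_clsid: list = field(default_factory=list)   # (key clsid, value clsid, dll) triples
    ff_plugins: list = field(default_factory=list)
    ff_hidden: list = field(default_factory=list)  # (extension name, note, path) triples
    unparsed: list = field(default_factory=list)   # IE:/FF - lines the regexes did not recognise


def binary_of(target: str) -> str:
    """Strip the resource suffix after '/' (e.g. '/3000', '/AcroIECapture.html'); lower-case for dedupe."""
    return target.split("/", 1)[0].lower()


def parse_log(text: str) -> Review:
    r = Review()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := IE_CLSID_RE.match(line)):
            r.ie_clsid.append((m["key"], m["value"], m["dll"].lower()))
        elif (m := IE_MENU_RE.match(line)):
            r.ie_menu.append((m["name"], m["target"]))
        elif (m := FF_PLUGIN_RE.match(line)):
            r.ff_plugins.append(m["path"].lower())
        elif (m := FF_HIDDEN_RE.match(line)):
            r.ff_hidden.append((m["name"], m["note"], m["path"].lower()))
        elif line.startswith(("IE:", "FF -")):
            r.unparsed.append(line)  # keep anything unrecognised visible instead of silently dropping it
    return r


def binaries_to_verify(r: Review) -> list:
    """Unique on-disk files behind every browser hook: the list to hash / signature-check."""
    paths = {binary_of(t) for _, t in r.ie_menu}
    paths |= {dll for _, _, dll in r.ie_clsid}
    paths |= set(r.ff_plugins)
    return sorted(paths)


def clsid_mismatches(r: Review) -> list:
    """IE extension entries whose registry key name and CLSID value differ.
    A consistency observation for manual follow-up only, not a verdict on the DLL."""
    return [(k, v, dll) for k, v, dll in r.ie_clsid if k.lower() != v.lower()]


if __name__ == "__main__":
    review = parse_log(SAMPLE_LOG)
    print("files to verify:")
    for p in binaries_to_verify(review):
        print("  ", p)
    for k, v, dll in clsid_mismatches(review):
        print(f"CLSID key {k} differs from value {v} for {dll}: confirm which CLSID the DLL registers")
    for name, note, path in review.ff_hidden:
        print(f"hidden Firefox extension '{name}' ({note}): {path}")
    if review.unparsed:
        print("unparsed lines:", *review.unparsed, sep="\n  ")
```

To use it on a real log, read the saved ComboFix.txt and pass its contents to `parse_log`; the `unparsed` bucket is deliberately kept so that a line shape the regexes do not know about shows up in the output rather than disappearing from the checklist.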